Tuesday, 4 May 2010

My company's web development platform uses X.509 user certificates as the primary means of access control. It's great - the platform infrastructure handles authentication and provides HTTP headers which the sites and services deployed on it use to manage authorisation. Documentation, CMSs, development tools - access to everything is controlled through your cert.

A couple of weeks ago I put a new site live with CMS authorisation managed through the certificates, per best practice. Problems started when I was asked to authorise new business users for the CMS. I provided (what I thought were) fairly simple instructions as to how to find their certificate details so I could add them to the whitelist. Some followed them and some - intelligent people - guessed at their credentials based on their email details. In fact some of them didn't even have certificates, though they were convinced they did, and instead reported bugs because they couldn't access the system.

I was left wondering uncharitably "I don't think I can use an edit suite. Why do they think they can use a computer?"

Why do they think they can use a computer?

Quite simply because Microsoft, Apple and others have spent millions of dollars and cumulative decades persuading them that it's easy. It's not - using a computer is hard.

Don't believe me?

How many new PCs are sold because inexpert users don't know to de-fragment their drive or avoid installing process-hungry system tray apps?

How many more are sold because experienced users clutter up their registry?

OK I'll soften that statement a little. Using a computer to a basic level is pretty simple. Using a computer well requires experience and commitment.

What do we do about it?

My experience with user certificates went awry because it was a system developed for developers. No-one thought to make it accessible to non-technical users, and it wasn't.

Remember that using computers is harder than you think. Don't rely on your users' intuition - don't even expect them to hit 'Save' without being led by the hand. Expect them to ignore complex instructions or unfamiliar user journeys ('Open Internet Options and...'). They'll just walk away if they can, and make a mess of things otherwise.

Who am I?

Agile practitioner for twelve years. Scrum Master and Agile Project Manager (yes they do exist!) and now Delivery Manager for a decade.

Why am I committed to Agile methods? Because they treat grown-ups with respect. Clients who can legitimately develop their ideas and change their mind. Teams who bring more to the party than ‘mere’ technical skill. Agile approaches both assume and foster fruitful collaboration.

I’ve been lucky to work with some really varied companies. I've seen different approaches to Agile delivery - some done well, some done terribly - and been able to gain broad experience. This blog represents some of that accumulated experience. Expect my opinions to change as I continue to grow and learn!

The by-line photo is nicked from a friend at the Cheap Emotional Response Network. You know who you are - thanks mate!